Please contact a member of our Customer Support Team if you wish to configure any of the settings in this article or if you host Asset Bank on your own server then update the following settings in the ApplicationSettings.properties file.
It's important to know that your assets are protected so Asset Bank comes with a range of options for configuring how your users register and log in. This article is intended for customers using the default local login, rather than SSO or LDAP login.
Registration
By default, a 'Register for an account' link is displayed on the Asset Bank login page. This opens up the registration form which, once filled in, is submitted for approval by an admin user. This option can be removed if you do not wish for users to be able to request a user account. In this instance, new users will need to be manually added by an admin user. The setting for this is:
showRegisterLink=false
If you do allow new users to register but you want to ensure that you know all you can about who is registering, you can enforce a strict registration which makes all user fields mandatory. The setting for this is:
users-register-strict=true
Registering without approval
There is also an option to allow new users to register without approval in which instance their account is created automatically. With the settings below, new users are automatically approved and an email is sent to admin users:
users-can-register-without-approval=true
send-admin-user-reg-emails=true
Selecting Groups on Registration
You can give users the option to request a particular group on registration by editing the group in the Admin > Groups area and ticking the 'Users can select group on registration' option. If you want to allow users to register for multiple groups update the setting below:
can-select-multiple-groups-on-registration=true
If you want to make group selection mandatory for registering users update the following setting:
must-select-group-on-registration=true
Logging In
Password Security
Once approved, users will need to set a password. You can ensure that each users' password contains at least 8 characters, a number and a capital letter by updating the following setting:
force-strong-password=true
For additional security you can enforce regular password changes every X number of days with the following setting:
force-password-change-after=X
Locking Users
By default, if a user attempts to log in unsuccessfully 10 times in 12 hours then their user account is locked for 24 hours. If you want to tighten or lessen these restrictions then you can update the following settings:
max-login-attempts=10
max-login-attempts-hours=12
min-lockout-hours=24
Admin users can 'Unlock' accounts by visiting Admin > Users, searching for the username, clicking 'More' and then 'Unlock User'.
Comments
0 comments
Please sign in to leave a comment.